	Home \| Databases \| WorldLII \| Search \| Feedback Privacy Law and Policy Reporter

Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

You are here: AustLII >> Databases >> Privacy Law and Policy Reporter >> 1996 >> [1996] PrivLawPRpr 27

Greenleaf, Graham --- "Private parts" [1996] PrivLawPRpr 27; (1996) 3(2) Privacy Law & Policy Reporter 40

Private Parts

compiled by Graham Greenleaf

US CONGRESS DEBATES KEY ESCROW, EXPORT CONTROLS

The Electronic Privacy Information Centre's Internet newsletter, EPIC Alert, has a special issue on cryptography policy (http://www.epic.org/alert/EPIC_Alert_3.10.txt) which is required reading for current US developments. While the US administration is launching the latest round of its key escrow policies -- the Key Management Infrastructure (KMI) or `Clipper III' proposals discussed in this issue's lead article -- two bills dealing with key escrow are before the Congress.

Senator Patrick Leahy and several other co-sponsors introduced the Encrypted Communications Privacy Act of 1996 (S.1587) in March (see http://www.epic.org/crypto/legislation/s1587.html for its text). The proposed legislation would:

relax export controls by transferring authority for export decisions to the Secretary of Commerce, and mandate the removal of controls on `generally available' encryption software;
create a legal framework for key escrow agents, including an obligation to disclose keys and assist law enforcement, and establish penalties for improper disclosure;
affirm the freedom to use and sell encryption within the US; and
criminalise the use of encryption which may have the effect of obstructing a felony investigation.

EPIC supports the Leahy Bill's move to loosen export controls, but opposes any move to establish a legal structure for key escrow. It regards any legislation to `affirm' the freedom to use encryption within the US, or to impose additional criminal penalties for obstruction of justice, as both unnecessary and dangerous. EPIC's analysis of the Bill is at http://epic.org/crypto/legislation/s1587_analysis.html

EPIC is far more supportive of the Bill introduced by Senator Conrad Burns (and now also supported by Senator Leahy), the Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act (s 1726), which would relax export controls on software and hardware with encryption capabilities and would prohibit mandatory key-escrow. Hearings on the legislation are tentatively scheduled for June. See http://www.epic.org/crypto/export_controls/ for more details.

The US administrations continuing support of export bans on strong encryption, and its linkage to key escrow schemes, is coming under increasing attack from Congress, with a bi-partisan group of 27 House members recently writing to President Clinton to oppose such measures, citing a study that claimed that US technology industries will lose $60 billion in revenues and 200,000 jobs by the year 2000 in consequence of encryption export bans (see http://www.epic.org/crypto/key_escrow/).

EFA CRYPTO COMMITTEE

Electronic Frontiers Australia (EFA), now the most vocal Australian organisation attempting to limit the regulation of the Internet, has established a Cryptography Committee to work towards preventing unnecessary regulation of encryption technologies and promote the benefits of strong encryption for the online community. Contact Michael Baker (mbaker@pobox.com) if you would like to become involved. The Committee is currently developing a response to Standards Australia's draft PKAF standard (see details this issue).

AUSTRALIA'S CRYPTO- EXPORT LAW

It is not only US law that imposes restrictions on export of encryption technologies. In Australian law, the Customs (Prohibited Exports) Regulations 1901 (Cth), regulation 13B requires permission in writing (or a licence) to export the goods granted by the Minister for Defence or an authorised person, for any goods in Sched 13 `Military and non-military goods (exportation prohibited except on production of a licence or permission under regulation 13B)'. The Schedule includes:

43. Other goods as follows:
(a) complete or partially complete cryptographic equipment designed to ensure the secrecy of communications (including data communications and communications through the medium of telegraphy, video, telephony and facsimile) or stored information;
(b) software controlling, or computers performing the function of, cryptographic equipment referred to in para (a);
(c) parts designed for goods referred to in paras (a) or (b);
(d) applications software for cryptographic or cryptanalytic purposes including software used for the design and analysis of cryptologics;
...
(h) information security systems, equipment, software, application specific assemblies, modules or integrated circuits, designed or modified to provide certified or certifiable multi-level security of user-isolation at a level exceeding Class E4 of the Information Technology Security Evaluation Criteria (ITSEC) or equivalent in force at the commencement of these regulations;
(i) software designed or adapted for the purpose of demonstrating that the information security features referred to in para (h) provide a multi-level security or user-isolation function.

(see http://www.austlii.edu.au/au/legis/cth/consol_reg/cer439/sch13.html for the full text).

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/1996/27.html